it_tips:luvpn

Differences

This shows you the differences between two versions of the page.

it_tips:luvpn [2020/03/13 15:35]
florido
it_tips:luvpn [2020/08/31 10:41]
florido [Connecting to the LU VPN]
Line 1: Line 1:
 ====== Connecting to the LU VPN ====== ====== Connecting to the LU VPN ======
 +
 +:!: **20200508** These instructions have been updated. LU changed the way to connect to the VPN. I am investigating whether encryption is enforced. :!:
  
 The Lund University VPN is a system to secure connect from outside the LU network to The Lund University VPN is a system to secure connect from outside the LU network to
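
Review bot: The added 20200508 notice says encryption is still under investigation, but it gives readers no guidance on how to treat the tunnel in the meantime and does not say what LU changed. This revision is dated 2020/08/31, so either record the outcome of the investigation or state explicitly that traffic over the VPN should be treated as unencrypted until IPsec is confirmed, and point to the IPsec section of this page. The context sentence below the notice reads "a system to secure connect"; "securely connect" is probably intended.
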
Line 6: Line 8:
  
 Instructions on how to configure it for windows and macOS are available at the Instructions on how to configure it for windows and macOS are available at the
-official documentation website:+official documentation website.
  
-  * Windows : https://​luservicedesk.service-now.com/​support_en?id=kb_article_en&sys_id=7dc3f3dedbb2cb8049c77cc9bf96194a +  * Windows : https://​luservicedesk.service-now.com/​support?id=search_swe&spa=1&​t=kb_se&​q=windows%20vpn 
-  * MacOS X : https://​luservicedesk.service-now.com/​support_en?id=kb_article_en&sys_id=9d0ffe53db4a6e4049c77cc9bf961992+  * MacOS X : https://​luservicedesk.service-now.com/​support?id=search_swe&​spa=1&​t=kb_se&q=Mac%20vpn
  
 For other systems only generic instructions are given: For other systems only generic instructions are given:
  
-  * Generic: https://​luservicedesk.service-now.com/​support_en?id=kb_article_en&sys_id=61bc4e06dba37b4049c77cc9bf961944+  * Generic: https://​luservicedesk.service-now.com/​support?id=search_swe&spa=1&​t=kb_se&​q=VPN 
 + 
 +Unfortunately the English version is not kept up to date, hence I linked the Swedish one.  
 + 
 +Please complain to the linked websites above if you're not happy (it is not maintained by me)
  
 But below I will detail how to configure and install in commonly used GNU/Linux distributions. But below I will detail how to configure and install in commonly used GNU/Linux distributions.
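
Review bot: The three replacement links (Windows, MacOS X, Generic) now point at search queries (q=windows%20vpn, q=Mac%20vpn, q=VPN) rather than at one article each, so a reader gets whatever the search returns on that day instead of a known set of official instructions. For a page people follow to set up a VPN, name the title of the intended article next to each link, or link the Swedish article directly, so readers can tell they have landed on the right one. Minor: the added sentence ending "(it is not maintained by me)" has no closing period.
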
Line 23: Line 29:
  
   - Install the needed packages <code bash>​sudo apt-get install network-manager-l2tp network-manager-l2tp-gnome</​code> ​   - Install the needed packages <code bash>​sudo apt-get install network-manager-l2tp network-manager-l2tp-gnome</​code> ​
-  - Open the settings dialog {{ :​it_tips:​luvpn_opengnomesettings.png |}} +  - Open the settings dialog {{ :​it_tips:​luvpn_opengnomesettings.png |Open GNOME settings}} 
-  - Select Network (1) and click on the **+** symbol next to the VPN {{ :​it_tips:​luvpn_createvpn.png |}} +  - Select Network (1) and click on the **+** symbol next to the VPN {{ :​it_tips:​luvpn_createvpn.png |Create VPN}} 
-  - Choose "Layer 2 Tunnelling Protocol (L2TP)"​ {{ :​it_tips:​luvpn_l2tp.png |}} +  - Choose "Layer 2 Tunnelling Protocol (L2TP)"​ {{ :​it_tips:​luvpn_l2tp.png | Create l2tp connection}} 
-  - Insert the following information for the Generic VPN config: {{ :​it_tips:​luvpn_config.png |}} +  - Insert the following information for the Generic VPN config: {{ :​it_tips:​luvpn_config.png |Configure VPN}} 
     - Save by pressing the Add button on top of the window.     - Save by pressing the Add button on top of the window.
-  - Activate the VPN by pressing the switch. You will be asked for the LUCAT password. {{ :​it_tips:​luvpn_activate.gif |}} +  - Activate the VPN by pressing the switch. You will be asked for the LUCAT password. {{ :​it_tips:​luvpn_activate.gif |Activate VPN connection}} 
-  - If the connection worked, you should see a small lock connected to the network in the notification icons on the upper right, like the one in the picture below: {{ :​it_tips:​luvpn_indicator.png?​400 |}}+  - If the connection worked, you should see a small lock connected to the network in the notification icons on the upper right, like the one in the picture below: {{ :​it_tips:​luvpn_indicator.png?​400 |VPN indicator}}
  
 ==== Disconnecting from the VPN ==== ==== Disconnecting from the VPN ====
  
-Once configured, one can easily connect and reconnect to the VPN using the upper right menu: {{ :​it_tips:​luvpn_disconnect.png |}}+Once configured, one can easily connect and reconnect to the VPN using the upper right menu: {{ :​it_tips:​luvpn_disconnect.png |Disconnect from VPN}}
  
 However, in some cases the browser and other applications will fail to detect the non-vpn network again, so one way to make it happen faster is to restart the network manager AFTER disconnecting from the VPN: <code bash>​sudo systemctl restart network-manager</​code>​ However, in some cases the browser and other applications will fail to detect the non-vpn network again, so one way to make it happen faster is to restart the network manager AFTER disconnecting from the VPN: <code bash>​sudo systemctl restart network-manager</​code>​
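
Review bot: In the step "Insert the following information for the Generic VPN config", the new caption "Configure VPN" labels the screenshot, but the settings themselves still exist only inside luvpn_config.png. Listing the values from that image as text under the step would let readers copy them, compare them with the official instructions, and notice when LU changes them again. Minor: the caption "| Create l2tp connection" has a leading space that the other captions in this hunk lack.
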
Line 40: Line 46:
 This is currently a bit sad to setup in Linux due to a bug. But it's good to have as it will encrypt your connection. If you are in a hurry you can avoid, but make sure you are not transferring sensitive information. This is currently a bit sad to setup in Linux due to a bug. But it's good to have as it will encrypt your connection. If you are in a hurry you can avoid, but make sure you are not transferring sensitive information.
   - In the VPN configuration dialog, click on "IPsec settings"​   - In the VPN configuration dialog, click on "IPsec settings"​
-  - Enter the information below:{{ :​it_tips:​luvpn_ipsec.png |}}+  - Enter the information below:{{ :​it_tips:​luvpn_ipsec.png |IPSec configuration}}
   - :!: BUG :!: : The button "​enforce UDP encapsulation"​ does not work, so it must be set manually in the config file. This workaround below will set ALL the IPsec connections to enable this feature, so use with care if you have IPsec for some other purpose.   - :!: BUG :!: : The button "​enforce UDP encapsulation"​ does not work, so it must be set manually in the config file. This workaround below will set ALL the IPsec connections to enable this feature, so use with care if you have IPsec for some other purpose.
         - Edit ''/​etc/​ipsec.conf''​ so that the top part looks like this: <code bash># ipsec.conf - strongSwan IPsec configuration file         - Edit ''/​etc/​ipsec.conf''​ so that the top part looks like this: <code bash># ipsec.conf - strongSwan IPsec configuration file
Line 49: Line 55:
         # strictcrlpolicy=yes         # strictcrlpolicy=yes
         # uniqueids = no         # uniqueids = no
-        ​enforceencaps ​= yes+        ​forceencaps ​= yes
 </​code>​ </​code>​
-      - restart the l2tp and ipsec services with this command: <code bash>​systemctl restart xl2tpd strongswan</​code>​+      - restart the l2tp and ipsec services with this command: <code bash>sudo systemctl restart xl2tpd strongswan</​code>​
  
 +==== Known issues ====
  
-===== :!: WIP :!: LUVPN on OpenSuSE 15.1 :!: WIP :!: =====+Sometimes when restarting networking the icon on the upper right corner shows that you're disconnected,​ and the VPN will not connect any longer. It is a gnome3 bug that affects network manager. To solve, it is enough to restart gnome3 by doing the following:​ 
 + 
 +  - Press ''​Alt''​ and ''​F2''​ 
 +  - In the dialog that appears, type ''​r''​ and press enter 
 + 
 +The icon should be restored. 
 + 
 + 
 + 
 +===== LUVPN on OpenSuSE 15.1 =====
  
 These instructions are fork Kde5 (Plasma). If you have another window manager it might be different. These instructions are fork Kde5 (Plasma). If you have another window manager it might be different.
  
   - Install required packages <code bash>​sudo zypper in NetworkManager-l2tp</​code>​   - Install required packages <code bash>​sudo zypper in NetworkManager-l2tp</​code>​
-  - Open connection manager +  - Open connection manager. Click on the small computer in the lower right corner (1) and then click on the sliders icon (2) {{ :​it_tips:​luvpn_os15_configmanager.png | KDE Network Manager}} 
-  - TBC+  - Click on the **+** plus symbol in the connection manager to add a new connection. {{ :​it_tips:​luvpn_os15_addconnection.png |Add VPN connection in KDE}} 
 +  - Select the VPN type L2TP {{ :​it_tips:​luvpn_os15_selectl2tp.png | Choose VPN type}} 
 +  - Configure the VPN as shown in the figure, then click Save. {{ :​it_tips:​luvpn_os15_configvpn.png | Configure VPN}} 
 +  - The VPN is now listed in the network manager. Click OK. {{ :​it_tips:​luvpn_os15_vpndone.png |Configuration done}} 
 + 
 +==== Connecting to the VPN ==== 
 + 
 +  - In order to **connect**,​ click on the small computer icon in the lower right corner, identify the VPN network and click on "​Connect"​ {{ :​it_tips:​luvpn_os15_vpnconnect.png |Connect to VPN}} 
 +  - You may be prompted for your LUCAT password. If all goes well, you should see this icon in the lower left corner: {{ :​it_tips:​luvpn_os15_connected.png?​600 |VPN Connection icon}} 
 +  - The connection is now established,​ however it is not very secure. You may need to configure IPsec to encrypt it, see later in this document. 
 + 
 +==== Disconnect from the VPN ==== 
 +  - To **disconnect**,​ open the network manager icon again and click "​**Disconnect**"​  
 +    - Sometimes the applications do not react well after a vpn disconnect. Restarting NetworkManager doesn'​t help in openSuSE, it just messes up with its configuration. The best is to close and reopen the application or logout and relogin. 
 + 
 +==== ::WIP:: Enabling IPsec ::WIP:: ==== 
 + 
 +Unfortunately at the moment I did not manage to make IPsec work with OpenSuSE. Something is broken in the networkmanager configuration that does not pass the options to the services. In principle it should be enough to configure the IPsec options in the VPN dialog as below: {{ :​it_tips:​luvpn_os15_vpnipsec.png |KDE IPSec configuration}} 
 + 
 +But it does not work. 
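
Review bot: The new OpenSuSE step "The connection is now established, however it is not very secure" understates the situation, because the "Enabling IPsec" section added at the end of this same hunk says IPsec does not work on OpenSuSE, which leaves these users with no way to encrypt the tunnel. Say that plainly at the connect step and repeat the Ubuntu section's advice not to transfer sensitive information over it. This hunk also removes the WIP marker from the "LUVPN on OpenSuSE 15.1" heading although the IPsec part is still marked WIP; consider keeping a visible warning on the heading. Minor: "fork Kde5" in the context line should read "for KDE5".
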
it_tips/luvpn.txt · Last modified: 2020/08/31 10:41 by florido
